AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims 
in the application: 

1 1 . (Currently amended) A method for managing a database system, 

2 I wherein the datab»s« astern has a plurality of administrators, comprising: 

3 receiving a command to perform an administrative function involving an 

4 object defined within the database system; 

5 determining if the object is a sensitive object that is associated with 

6 security functions in the database system, wherein the sensitive object a*d-snly 

7 die acnoitivo object is encrypted in the database system, wherein the sensitive 

8 object can include a sensitive row within a table in the database system, wherein 

9 the sensitive row contains sensitive data, and wherein other rows in the table need 

1 0 not contain sensitive data; 

1 1 wherein the sensitive object can include one of: 

j 2 a sensitive table containing sensitive data in the database 

13 system, and 

14 an object that represents a sensitive user of the database 
j 5 system who is empowered to access sensitive data^ 

16 wherein at least o™ of the plurality of administra tors is a security officer 

17 who can perform administrative Amotions on sensitive objects; 

1 g wWbv -wherein an administrator in the, plurality of administrators who is 

1 9 nnt a security officer cannot become a sensitive user and thereby obtain access to 

20 I sensitive objects indirectly; 

21 if the object is not a sensitive object, and if the command to perform an 
administrative is received from a normal database an administrator feHhe 
nitnrnny " ™t a security officer, allowing the administrative function 



22 
23 



24 to proceed; and 



2 
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25 
26 



if the object is a sensitive object, and if the command is received from a 
normal system injiflmini^"- " ™* « ^curitv officer, disallowing the 



27 administrative function. 



1 2 . (Currently amended) The method of claim 1 , further comprising: 

2 receiving a request to perform an operation on a data item in the database 

3 system; 

4 if the data item is a sensitive data item containing sensitive information 

5 and if the request is received from a sensitive user who is empowered to access 

6 sensitive data, allowing the operation to proceed if the sensitive user has access 

7 I rights to the sensitive data item; and 

8 if the data item is a sensitive data item and the request is received from a 

9 | nrnp^""" k nnt a sensitive user , disallowing the operation. 

1 3. (Original) The method of claim 2, wherein if the data item is a sensitive 

2 data item, if the operation is allowed to proceed, and if the operation involves 

3 retrieval of the data item, the method further comprises decrypting the data item 

4 using an encryption key after the data item is retrieved. 

1 4. (Original) The method of claim 3, wherein the encryption key is stored 

2 along with a table containing the data item. 

1 5. (Original) The method of claim 4, wherein the encryption key is stored 

2 in encrypted form. 

1 6. (Canceled). 



3 

ARP E:\Oracle Corporation\OR00-14001\Amendment D OR00-14001.doc 



1 7. (Original) The method of claim 1, wherein if the object is not a sensitive 

2 object, and if the command to perform the administrative function is received 
from a security officer, the method further comprises allowing the security officer 



3 



4 to perform the administrative function on the object. 



1 

2 

3 and 



4 



8. (Original) The method of claim 1, 

wherein the database system includes a number of sensitive data items; 



4 wherein only specific sensitive users are allowed to access a given 

5 sensitive data item. 



1 9. (Currently amended) A computer-readable storage medium storing 

2 instructions that when executed by a computer cause the computer to perform a 
3 



method for managing a database system, wherein the database s ystem has a 
plurality of administrators, t he method comprising: 

5 receiving a command to perform an administrative function involving an 

6 object defined within the database system; 
determining if the object is a sensitive object that is associated with 

security functions in the database system, wherein the sensitive object afld^aly 

dmacnaitivo object is encrypted in the database system, wherein the sensitive 

10 object can include a sensitive row within a table in the database system, wherein 

1 1 the sensitive row contains sensitive data, and wherein other rows in the table need 

1 2 not contain sensitive data; 

1 3 wherein the sensitive object can include one of: 

14 a sensitive table containing sensitive data in the database 

15 system, and 
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1 6 an object that represents a sensitive user of the database system who is 

1 7 empowered to access sensitive data T ; 

!g wherein at least one of the plurality of ad ministrators is a security officer 

19 who can perform administrative functi ons on sensitive objects; 

20 wforebv- wherein an administrator in the pluralit y of administrators who is 

2 1 not a security officer cannot become a sensitive user and thereby obtain access to 

22 j sensitive objects indirectly; 

23 if the object is not a sensitive object, and if the command is received from 

24 | a normal database an administrator for the database s ystem who is not a security 

25 officer, allowing the administrative function to proceed; and 

26 if the object is a sensitive object, and if the command is received from a 

27 normal system an administrator system who is not a security officer, disallowing 

28 the administrative function. 

1 10. (Currently amended) The computer-readable storage medium of claim 

2 9, wherein the method further comprises: 

3 receiving a request to perform an operation on a data item in the database 

4 system; 

5 if the data item is a sensitive data item containing sensitive information 

6 and if the request is received from a sensitive user who is empowered to access 

7 sensitive data, allowing the operation to proceed if the sensitive user has access 

8 rights to the sensitive data item; and 

9 if the data item is a sensitive data item and the request is received from a 



10 



eternal-user system who is not a sensitive user , disallowing the operation. 



1 11. (Original) The computer-readable storage medium of claim 1 0, 

2 wherein if the data item is a sensitive data item, if the operation is allowed to 
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3 proceed, and if the operation involves retrieval of the data item, the method 

4 further comprises decrypting the data item using an encryption key after the data 

5 item is retrieved. 



1 12. (Original) The computer-readable storage medium of claim 1 1 , 

2 wherein the encryption key is stored along with a table containing the data item. 

1 13. (Original) The computer-readable storage medium of claim 1 2, 

2 wherein the encryption key is stored in encrypted form. 

1 14. (Canceled). 

1 1 5. (Original) The computer-readable storage medium of claim 9, wherein 

2 if the object is not a sensitive object, and if the command to perform the 

3 administrative function is received from a security officer, the method further 

4 comprises allowing the security officer to perform the administrative function. 

1 16. (Original) The computer-readable storage medium of claim 9, 

2 wherein the database system includes a number of sensitive data items; 

3 and 

4 wherein only specific sensitive users are allowed to access a given 

5 sensitive data item. 

1 17. (Currently amended) An apparatus for managing a database system, 

2 wherein the database system has a plurality of administrators, comprising: 
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3 



12 
13 



a command receiving mechanism that is configured to receive a command 

4 to perform an administrative function involving an object defined within the 

5 database system; 

6 an execution mechanism that is configured to, 

determine if the object is a sensitive object that is 

associated with security functions in the database system, wherein 
the sensitive object and only the sensitive object is encrypted in the 
10 ' database system, wherein the sensitive object can include a 

j j sensitive row within a table in the database system, wherein the 

sensitive row contains sensitive data, and wherein other rows in the 
table need not contain sensitive data, wherein the sensitive object 
14 can include one of: 

j 5 a sensitive table containing sensitive data in 

! g the database system, and 

j 7 an object that represents a sensitive user of the database 

system who is empowered to access sensitive data r : 
wherein at least one of the pluralit y of administrators is a security officer 
who ran perform administrative fun c tions on sensitive objects; 

wfeefeby-whereinan administrator in the plurality of administrators who is 

22 not a security officer c annot become a sensitive user and thereby obtain access to 

23 sensitive objects indirectly; 

allow the administrative function to proceed, if the object is 

not a sensitive object, and if the command is received from a 

normal database an administrator f ut the database syst t>m whojs 

27 not a security officer , and to 



18 
19 
20 
21 



24 
25 
26 
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disallow the administrative function, if the object is a-the 
sensitive object, and if the command is received from a normal 
system an^HminUtratnr who is not a security officer. 

18. (Currently amended) The apparatus of claim 17, 
2 wherein the command receiving mechanism is configured to receive a 



28 
29 
30 

1 



3 



3 



1 



request to perform an operation on a data item in the database system; 



4 wherein the execution mechanism is configured to, 



allow the operation to proceed, if the data item is a 



5 

6 sensitive data item, if the request is received from a sensitive user 

7 who is empowered to access sensitive data, and if the sensitive user 

8 I has access rights to the sensjtiyedata item, and to 

9 1 disallow the operation, if the data item is a sensitive data 

10 item, and if the request is received from a normal-use r who is not a 

11 sensitive user . 

1 19. (Original) The apparatus of claim 1 8, further comprising a decryption 

2 mechanism, wherein if the data item is a sensitive data item, if the operation is 
allowed to proceed, and if the operation involves retrieval of the data item, the 

4 decryption mechanism is configured to decrypt the data item using an encryption 

5 key after the data item is retrieved 



20. (Original) The apparatus of claim 19, wherein the encryption key is 



2 stored along with a table containing the data item. 



1 2i. (Original) The apparatus of claim 20, wherein the encryption key is 

2 stored in encrypted form. 
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1 22. (Canceled). 

1 23. (Original) The apparatus of claim 17, wherein if the object is not a 

2 sensitive object, and if the command to perform the administrative function is 

3 received from a security officer, the execution mechanism is configured to allow 

4 the security officer to perform the administrative function. 



24. (Original) The apparatus of claim 17, 

wherein the database system includes a number of sensitive data items; 



1 

2 

3 and 

4 wherein only specific sensitive users are allowed to access a given 

5 sensitive data item. 

1 25 . (New) A method for managing a database system, comprising: 

2 receiving a command to perform an administrative function involving an 

3 object defined within the database system; 

4 determining if the object is a sensitive object that is associated with 

5 security functions in the database system; 

6 wherein at least one of the plurality of administrators is a security officer 

7 who can perform administrative functions on sensitive objects; 

8 wherein an administrator in the plurality of administrators who is not a 

9 security officer cannot become a sensitive user and thereby obtain access to 

10 sensitive objects indirectly; 

11 if the object is not a sensitive object, and if the command is received from 

12 a database administrator who is not a security officer, allowing the administrative 

1 3 function to proceed; and 
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14 if the object is a sensitive object, and if the command is received from a 

1 5 system administrator who is not a security officer, disallowing the administrative 

16 function. 

1 26. (New) The method of claim 25, further comprising: 

2 receiving a request to perform an operation on a data item in the database 

3 system; 

4 if the data item is a sensitive data item containing sensitive information 

5 and if the request is received from a sensitive user who is empowered to access 

6 sensitive data, allowing the operation to proceed if the sensitive user has access 

7 rights to the sensitive data item; and 

8 if the data item is a sensitive data item and the request is received from a 

9 user who is not a sensitive user, disallowing the operation. 

1 27. (New) The method of claim 26, wherein if the data item is a sensitive 

2 data item, if the operation is allowed to proceed, and if the operation involves 

3 retrieval of the data item, the method further comprises decrypting the data item 

4 using an encryption key after the data item is retrieved. 

1 28. (New) The method of claim 27, wherein the encryption key is stored 

2 along with a table containing the data item. 



29. (New) The method of claim 28, wherein the encryption key is stored in 



2 



encrypted form. 



30. (New) The method of claim 25, wherein the sensitive object can 



2 



include one of: 
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3 a sensitive table containing sensitive data in the database system; 

4 a sensitive row within a table in the database system, wherein the sensitive 

5 row contains sensitive data; and 

6 an object that represents a sensitive user of the database system who is 

7 empowered to access sensitive data. 



1 31. (New) The method of claim 25, wherein if the object is not a sensitive 

2 object, and if the command to perform the administrative function is received 

3 from a security officer, the method further comprises allowing the security officer 

4 to perform the administrative function on the object. 



1 32. (New) The method of claim 25, 

2 wherein the database system includes a number of sensitive data items; 

3 and 

4 wherein only specific sensitive users are allowed to access a given 



5 sensitive data item. 



1 33. (New) A computer-readable storage medium storing instructions that 

2 when executed by a computer cause the computer to perform a method for 

3 managing a database system, the method comprising: 

4 receiving a command to perform an administrative function involving an 

5 obj ect defined within the database system; 

6 determining if the object is a sensitive object that is associated with 

7 security functions in the database system; 

8 wherein at least one of the plurality of administrators is a security officer 

9 who can perform administrative functions on sensitive objects; 
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1 0 wherein an administrator in the plurality of administrators who is not a 

1 1 security officer cannot become a sensitive user and thereby obtain access to 

1 2 sensitive obj ects indirectly; 

13 if the object is not a sensitive object, and if the command is received from 

14 a database administrator who is not a security officer, allowing the administrative 

1 5 function to proceed; and 

16 if the object is a sensitive object, and if the command is received from a 

1 7 system administrator who is not a security officer, disallowing the administrative 

18 function. 

1 34. (New) The computer-readable storage medium of claim 33, wherein 

2 the method further comprises: 

3 receiving a request to perform an operation on a data item in the database 

4 system; 

5 if the data item is a sensitive data item containing sensitive information 

6 and if the request is received from a sensitive user who is empowered to access 

7 sensitive data, allowing the operation to proceed if the sensitive user has access 

8 rights to the sensitive data item; and 

9 if the data item is a sensitive data item and the request is received from a 
10 user who is not a sensitive user, disallowing the operation. 

1 35. (New) The computer-readable storage medium of claim 34, wherein if 

2 the data item is a sensitive data item, if the operation is allowed to proceed, and if 

3 the operation involves retrieval of the data item, the method further comprises 

4 decrypting the data item using an encryption key after the data item is retrieved. 
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1 



1 



1 



36. (New) The computer-readable storage medium of claim 35, wherein 



2 the encryption key is stored along with a table containing the data item. 



37. (New) The computer-readable storage medium of claim 36, wherein 



2 the encryption key is stored in encrypted form. 



1 38. (New) The computer-readable storage medium of claim 33, wherein 

2 the sensitive object can include one of: 

3 a sensitive table containing sensitive data in the database system; 

4 a sensitive row within a table in the database system, wherein the sensitive 

5 row contains sensitive data; and 

6 an object that represents a sensitive user of the database system who is 

7 empowered to access sensitive data. 



39. (New) The computer-readable storage medium of claim 33, wherein if 

2 the object is not a sensitive object, and if the command to perform the 

3 administrative function is received from a security officer, the method further 

4 comprises allowing the security officer to perform the administrative function. 

1 40. (New) The computer-readable storage medium of claim 33, 

2 wherein the database system includes a number of sensitive data items; 

3 and 

4 wherein only specific sensitive users are allowed to access a given 

5 sensitive data item. 

1 41. (New) An apparatus for managing a database system, comprising: 



13 

ARP E:\Oracle Corporation\OR00-14001\Amendment D OROO-14001 .doc 




a command receiving mechanism that is configured to receive a command 
to perform an administrative function involving an object defined within the 



4 database system; 



5 



wherein at least one of the plurality of administrators is a security officer 



6 who can perform administrative functions on sensitive objects; 



7 



wherein an administrator in the plurality of administrators who is not a 

8 security officer cannot become a sensitive user and thereby obtain access to 

9 sensitive objects indirectly; 

\ 10 an execution mechanism that is configured to, 

\) j ! determine if the object is a sensitive object that is 

12 associated with security functions in the database system, 

j 3 allow the administrative function to proceed, if the object is 

14 not a sensitive object, and if the command is received from an 

! 5 administrator who is not a security officer, and to 

j 6 disallow the administrative function, if the object is a 

j ? sensitive object, and if the command is received from an 

! 8 administrator who is not a security officer. 



1 42. (New) The apparatus of claim 41, 

2 wherein the command receiving mechanism is configured to receive a 
request to perform an operation on a data item in the database system; 



3 

4 wherein the execution mechanism is configured to, 

5 allow the operation to proceed, if the data item is a sensitive data item, if 

6 the request is received from a sensitive user who is empowered to access sensitive 

7 data, and if the sensitive user has access rights to the sensitive data item, and to 

8 disallow the operation, if the data item is a sensitive data item, and if the 

9 request is received from a user who is not a sensitive user. 
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1 43. (New) The apparatus of claim 42, further comprising a decryption 

2 mechanism, wherein if the data item is a sensitive data item, if the operation is 

3 allowed to proceed, and if the operation involves retrieval of the data item, the 

4 decryption mechanism is configured to decrypt the data item using an encryption 

5 key after the data item is retrieved 



1 44. (New) The apparatus of claim 43, wherein the encryption key is stored 

2 along with a table containing the data item. 

1 45. (New) The apparatus of claim 44, wherein the encryption key is stored 

2 in encrypted form. 

1 46. (New) The apparatus of claim 41, wherein the sensitive object can 

2 include one of: 

3 a sensitive table containing sensitive data in the database system; 

4 a sensitive row within a table in the database system, wherein the sensitive 

5 row contains sensitive data; and 

6 an object that represents a sensitive user of the database system who is 

7 empowered to access sensitive data. 

1 47. (New) The apparatus of claim 41 , wherein if the object is not a 

2 sensitive object, and if the command to perform the administrative function is 

3 received from a security officer, the execution mechanism is configured to allow 

4 the security officer to perform the administrative function. 

1 48. (New) The apparatus of claim 4 1 , 
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1 wherein the database system includes a number of sensitive data items; 

2 and 

3 wherein only specific sensitive users are allowed to access a given 

4 sensitive data item. 
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